Use Cloudflare with AutoSSL

While well use Cloudflares free account as a specific example, the general principle should apply to any CDN/Website Firewall where you cannot allow AutoSSL to view the actual IP address.

  1. Rely on Cloudflares shared SSL certificate and set your SSL level to Full or lower. This will keep the connection between visitors and Cloudflare encrypted but may leave the connection between Cloudflare and your web host unencrypted. If youre fine with that then theres nothing left to do.
  2. Use AutoSSL and disable Cloudflare (or allow traffic to simply pass through Cloudflare). This will allow you to use the SSL Certificate generated by AutoSSL but you will unfortunately lose all the benefits that Cloudflare brings (such as caching, minification etc). If you only want to use Cloudflare as a DNS manager, then this might be the solution for you.
  3. Temporarily disable Cloudflare when you need to issue/renew the SSL Certificate via AutoSSL. This will be troublesome because Lets Encrypt requires renewal every 90 days. But if you insist on using Full (Strict) SSL on Cloudflare, this may be your only choice unless you
  4. Upgrade to a Cloudflare Business account which allows you to install your own SSL Certificate. If money is no object this would be the best solution.